Current Diligence Proof

Diligence Notice (intro)

AI Diligence Console

Diligence Notice

TL;DR: This data room represents Rōvn, Inc. (Delaware C-Corp) at pre-launch by design. Live product, zero paying logos, Design-partner outreach underway (zero signed), first clinical advisor confirmed, BAAs executed, SOC 2 Type II in progress with Drata, NCQA-aligned CVO trajectory in progress. Every claim is depth-labeled: LIVE (shipped + grep-verifiable), PARTIAL (schema or workflow partially complete), SCAFFOLD (schema/rails present but not a complete workflow), or TARGET (roadmap). Honest representations replace marketing claims throughout. Data room is confidential, do not forward without founder consent. AI operates the workflow. Source systems prove the facts. Humans make every regulated decision.

1. Posture Statement

Rōvn is a pre-seed company at pre-launch posture by design.

Live product. rovn.to, passport.rovn.to, and passport.rovn.to/mcp are all live and grep-verifiable.
Zero paying logos. Design-partner outreach is underway (pre-launch; zero signed). We do not yet have paying customers.
Compliance scaffolding in progress. HIPAA-aligned · BAA available; SOC 2 Type II in progress with Drata; NCQA-aligned, CVO certification trajectory in progress.
Documented build state. 02_product/PRODUCT_OVERVIEW.md is the truth ledger with LIVE / PARTIAL / SCAFFOLD / TARGET labels and grep-verifiable evidence for every LIVE claim.

This posture is intentional. Pre-launch by design means architecture, compliance posture, and engineering chassis come first; paid customer traffic follows. We do not run paying-customer PHI at scale until BAAs, audit chain, and HIPAA-aligned posture are battle-tested in design-partner pilots.

2. What Is In This Data Room

Folder	Contents
`01_company`	Entity, cap table, founders, advisors, charter, conversion note
`02_product`	Product overview, feature inventory, roadmap, Passport + facility workflow layer + AI doctrine memos
`03_engineering`	Architecture, infrastructure, deployment, security
`04_compliance`	HIPAA posture, BAA registry, SOC 2 Type II trajectory, NCQA CVO trajectory, compliance binder
`05_security`	Security policy, IR runbook, access controls
`05_gtm`	ICP, sales plan, hospital outreach plan
`06_financial`	Financial model, pricing rationale, use of funds
`07_legal`	Charter, equity grants, IP assignments, vendor contracts
`08_traction`	Pilot pipeline (under NDA), advisor commitments (under NDA)
`09_current_diligence`	Current diligence artifacts including investor updates
`09_team`	Founder + platform engineering partner under NDA + Clinical Advisory Board
`10_appendix`	Reference docs, MASTER_STRATEGY, MARKET_SIZING, COMPETITIVE_LANDSCAPE, BRAND_VOICE
`10_market_research`	Regulatory tailwinds, market sizing primary sources

The data room is structured so a serious diligence team can move from strategy (10_appendix) → product truth (02_product) → compliance (04_compliance) → GTM (05_gtm) → financials (06_financial) → traction (08_traction) without retracing context.

3. Honest Claims: The Truth Tiers

Every product capability in this data room carries one of three labels.

Tier	Definition	Examples
LIVE	Route registered in `app/main.py`, migration applied, smoke-tested in prod	Worker Passport, hash-chained audit log, 36 source adapters, facility workflow layer Command Center, MCP server
PARTIAL	Schema and partial code exist, end-to-end workflow not yet wired	Active staff monitoring full delta ingest, OPPE / FPPE workflows, `ai_runs` ledger across every executor path, consent_events UX
TARGET	Roadmap item, no shipped code yet (or scaffolding only)	ABMS + AMA adapters, CMS PECOS direct integration, Joint Commission / CMS surveyor/CMS audit packet builder, worker premium SKU

Specifics in 02_product/PRODUCT_OVERVIEW.md. Auditors can verify LIVE claims by grepping app/main.py and the migrations directory.

4. What We Explicitly Do NOT Claim

Topic	Honest claim
HIPAA	HIPAA-aligned · BAA available. Not any HIPAA certification language, no authority issues a HIPAA certification.
SOC 2	SOC 2 Type II in progress with Drata. Observation window opening Q3 2026; report target Q3 2027. Not "SOC 2 Type II in progress", the audit has not yet completed.
NCQA CVO	NCQA-aligned; CVO certification trajectory in progress. Not filed, not certified. Per `04_compliance/NCQA_CVO_TRAJECTORY.md`.
Joint Commission	Joint Commission / CMS surveyor-ready PSV evidence rail. No Joint Commission survey performed against Rōvn directly; customers carry their own Joint Commission accreditation.
Paying customers	Zero paying logos as of 2026-05-14. Design-partner outreach underway (zero signed).
Pentest	Pentest scheduled Q4 2026. No pentest report available yet.
Breach history	Zero breach history today because zero production paying-customer PHI traffic. We will earn this claim by operating cleanly through Y1.

We surface these "not yet" claims explicitly because investor diligence catches everything anyway. Pre-empting overclaim risk is the procurement-safe posture and the investor-safe posture.

5. Stress-Test Methodology

The pricing model, use-of-funds, market sizing, and GTM plan in this data room were stress-tested via 4-LLM council methodology:

DeepSeek V4-Pro (math, financials, isolated codegen review)
Claude Opus 4.7 (narrative, multi-file architecture, agentic loops)
Gemini 3-Pro (long-context analysis, 1M-token doc review)
Synthesis brain (convergence + divergence surfaced)

Where 3/3 or 4/4 models converged, we surface as high-confidence. Where they diverged, we surface the disagreement and reasoning. Pricing tiers, ACV bands, channel ROI prioritization (NAMSS first), and use-of-funds line items were all run through the council.

Result: every number in the financial model and GTM plan is defensible against industry benchmarks. The numbers are unproven at Rōvn-customer scale because Rōvn has zero paying-customer scale today. That gap is exactly the bet investors are pricing.

6. What Is NOT Yet in This Data Room

We disclose the gaps explicitly so diligence teams don't waste cycles hunting.

Customer LOIs. Design-partner conversations are active; no signed LOIs yet. Pilot conversion gate opens Q3 2026.
Paying-customer financial statements. We have no paying customers. Y1 financial projections in 06_financial reflect the wedge plan, not actuals.
Certified audit reports. SOC 2 Type II report target Q3 2027 (after the 12-month observation window); NCQA CVO certification target later. We provide trajectory documentation, control framework mapping, and Drata evidence collection state, but no audited attestation yet.
Pentest report. Q4 2026.
Reference customers for public quotation. First clinical advisor is confirmed; additional advisor seats and customer references remain in progress. Advisor names/titles should use advisor-approved wording before public release.

7. Diligence Process Expectations

For investors entering diligence:

Start with MASTER_SYNTHESIS.md at the package root for the 10-minute overview.
Move to 02_product/PRODUCT_OVERVIEW.md for the truth ledger.
Review 04_compliance/ in full, HIPAA posture, BAA registry, SOC 2 trajectory, NCQA CVO trajectory.
Review 05_gtm/ for ICP + sales plan + outreach plan.
Verify LIVE claims by grepping app/main.py and migrations directory (Rōvn engineering will provide repo access under signed NDA + IP-protective terms).
Reference calls with platform engineering leadership (named under NDA) + Clinical Advisory Board members available under NDA.
Founder Q&A, Giles-Evan Mboumi available for deep-dive sessions through the diligence window.

We commit to 48-hour turnaround on diligence questions through the active window of the raise.

8. Materiality + Update Cadence

Material updates to the data room will be published in 09_current_diligence/ with date-stamped filenames. The monthly investor update format (INVESTOR_UPDATE_YYYY_MM_DD.md) will continue post-close.

Materiality threshold for update:

New LIVE capability or major migration shipped
New BAA or sub-processor relationship executed
Design-partner pilot signed (with permission to disclose)
Compliance trajectory milestone hit (e.g. SOC 2 Type II observation window begin, SOC 2 Type II report issued)
Material change to use-of-funds or burn

9. Confidentiality

This data room is confidential. Access is granted under signed NDA or implicit confidentiality of a serious investor engagement.

Do not forward any document in this data room without explicit founder consent.
Do not share screenshots with anyone outside your firm or advisor network.
Do not use Rōvn's trade names, customer references, or partnership names in any public communication without permission.
Reverse-NDA on disclosed information. Names of design partners, advisors, and pre-launch customer discussions are subject to mutual confidentiality.

10. Honest Representation Summary

In one paragraph for the diligence partner who reads only one paragraph:

Rōvn is a Delaware C-Corp building the operating network for the healthcare workforce, a worker-owned, source-receipted, depth-labeled credential network (verify a clinician once, reuse everywhere) where AI operates the workflow, spanning credentialing, privileging, monitoring, payer readiness, and audit-ready human decisions. Zero paying logos. Design-partner outreach underway (zero signed). HIPAA-aligned · BAA available; AI chain: AWS Bedrock under BAA → Anthropic Claude (Haiku 4.5) under BAA → Rōvn backend on ECS; AWS + Anthropic + sub-processor BAAs executed; SOC 2 Type II in progress with Drata + platform engineering partner under NDA (observation window opening Q3 2026; report target Q3 2027). AI operates the workflow; source systems prove the facts; humans make every credentialing, privileging, hiring, payer, adverse-action, and clinical decision. Pre-seed raise: $2.25M on a $15M post-money SAFE. Product coverage is national-first: 43 roles, 51 jurisdictions, 2,193 role/state cells, 0 unsupported catalog cells, with API/source-receipted checks where live and manual PSV where automation is not live. First clinical advisor confirmed; remaining clinical, operational, and commercial advisor seats are in progress. Bet is the structural inversion (worker-owned, network-shared) plus four moats (cached inventory, structural inversion, partnership lock, regulatory window) on a Stripe-pattern category timing window.

"Rōvn turns credentialing from a repeated cost into a reusable network asset."

That is what the diligence is on. Everything in this data room is built to defend that claim line-by-line.

Last updated: 2026-05-17. For questions or to schedule a diligence session, contact founder Giles-Evan Mboumi.

Ask the AI agent about this section, the raise, compliance posture, or any cross-document question. Grounded in Rōvn's deep context, with on-page source citations.

AI queries route through AWS Bedrock under BAA · Anthropic Claude (Haiku 4.5) under BAA · zero-data-retention posture · no PHI in prompts.